Encryption and RFC 2109

[Archie]

Shot in the dark but does anyone know if there is a way to keep an encrypted
string conformed to RFC 2109? I am obviously trying to encrypt/decrypt some
cookie values.

thanks
-a

 

[Filip Larsen]

Shot in the dark but does anyone know if there is a way to keep an encrypted
string conformed to RFC 2109? I am obviously trying to encrypt/decrypt some
cookie values.

Hmm, top of page 4 in RFC 2109 says

"The VALUE is opaque to the user agent and may be anything the origin
server chooses to send, possibly in a server-selected printable ASCII
encoding."

so I guess that means something like base64 encoding (RFC 2045) will do.
At least, I've pretty much used base64 every time I needed to
ASCII-encode binary data over HTTP, so I would be surprised if it do not
work with cookie values (as long as the values are not too long, which I
believe is 4096 bytes for the whole cookie).


Regards,

 

[Archie]

That's what I thought....Base64 encoding works just fine. I thought I was
missing something in order to do a stornger level of encryption.

Thanks!
-a

 

[Filip Larsen]

Base64 encoding works just fine. I thought I was
missing something in order to do a stornger level of encryption.

Be sure that you only use base64 to encode data, not to encrypt it.
Encryption is a completely different thing and only relates to base64
because binary data (like typical encrypted data) often are encoded
using base64 for transport over an "ASCII-only" transport channel (like
HTTP).


Regards,